CVE-2023-33965
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-33965
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-33965.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-33965
- Aliases
- Published
- 2023-06-01T14:10:54.644Z
- Modified
- 2025-11-29T14:16:56.856344Z
- Severity
-
- 9.6 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H CVSS Calculator
- Summary
- Brook's tproxy server is vulnerable to a drive-by command injection.
- Details
-
Brook is a cross-platform programmable network tool. The
tproxyserver is vulnerable to a drive-by command injection. An attacker may fool a victim into visiting a malicious web page which will trigger requests to the localtproxyservice leading to remote code execution. A patch is available in version 20230606. - Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/33xxx/CVE-2023-33965.json", "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-78" ] }- References
Affected packages
Git / github.com/txthinking/brook
Affected ranges
- Type
- GIT
- Repo
- https://github.com/txthinking/brook
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
v20170316
v20170322
v20170323
v20170330
v20170516
v20170723
v20170809
v20170814
v20170826
v20170909
v20171111
v20171113
v20180112
v20180227
v20180401
v20180601
v20180707
v20180909
v20181212
v20190205
v20190401
v20190601
v20200101
v20200102
v20200201
v20200214
v20200501
v20200502
v20200701
v20200801
v20200901
v20200909
v20210101
v20210214
v20210401
v20210601
v20210616
v20210701
v20220401
v20220404
v20220406
v20220501
v20220515
v20220707
v20221010
v20221212
v20230101
v20230122
v20230401
v20230404
v20230601
v20230404.*
v20230404.5.1